Naver
Products
13- 9 CVEs
- 7 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- Billboard.js2 CVEsnpm
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
35| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9752 | Cri | 0.64 | 9.8 | 0.01 | Mar 23, 2020 | Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe. | ||
| CVE-2024-40618 | Cri | 0.62 | 9.6 | 0.00 | Jul 11, 2024 | Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. | ||
| CVE-2020-9753 | Cri | 0.59 | 9.1 | 0.01 | May 20, 2020 | Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. | ||
| CVE-2020-9751 | Cri | 0.59 | 9.1 | 0.00 | Mar 3, 2020 | Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | ||
| CVE-2021-33591 | Hig | 0.57 | 8.8 | 0.02 | May 28, 2021 | An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | ||
| CVE-2018-9859 | Hig | 0.53 | 8.1 | 0.01 | Jun 16, 2018 | The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications. | ||
| CVE-2026-8148 | Hig | 0.51 | 7.8 | 0.00 | May 8, 2026 | NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks. | ||
| CVE-2022-24077 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2022 | Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | ||
| CVE-2018-12449 | Hig | 0.51 | 7.8 | 0.01 | Oct 11, 2018 | The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. | ||
| CVE-2019-13157 | Hig | 0.49 | 7.5 | 0.02 | Nov 22, 2019 | nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive. | ||
| CVE-2019-13156 | Hig | 0.49 | 7.5 | 0.01 | Sep 3, 2019 | NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. | ||
| CVE-2022-24073 | Hig | 0.46 | 7.1 | 0.01 | Mar 17, 2022 | The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. | ||
| CVE-2022-24075 | Med | 0.42 | 6.5 | 0.01 | Mar 17, 2022 | Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files. | ||
| CVE-2024-50583 | Med | 0.41 | 6.3 | 0.00 | Oct 25, 2024 | Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings. | ||
| CVE-2016-5060 | Med | 0.40 | 6.1 | 0.02 | Dec 13, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | ||
| CVE-2020-9754 | Med | 0.35 | 5.3 | 0.01 | Jun 27, 2022 | NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. | ||
| CVE-2021-33593 | Med | 0.35 | 5.3 | 0.01 | Nov 2, 2021 | Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. | ||
| CVE-2018-12448 | Med | 0.35 | 5.3 | 0.01 | Aug 2, 2018 | Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name. | ||
| CVE-2018-7635 | Med | 0.35 | 5.3 | 0.01 | Jul 3, 2018 | Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name. | ||
| CVE-2022-24071 | Med | 0.28 | 4.3 | 0.01 | Jan 28, 2022 | A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. |
- risk 0.64cvss 9.8epss 0.01
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
- risk 0.62cvss 9.6epss 0.00
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
- risk 0.59cvss 9.1epss 0.01
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
- risk 0.59cvss 9.1epss 0.00
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
- risk 0.57cvss 8.8epss 0.02
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
- risk 0.53cvss 8.1epss 0.01
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.
- risk 0.51cvss 7.8epss 0.00
NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
- risk 0.51cvss 7.8epss 0.00
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.
- risk 0.51cvss 7.8epss 0.01
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
- risk 0.49cvss 7.5epss 0.02
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
- risk 0.49cvss 7.5epss 0.01
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
- risk 0.46cvss 7.1epss 0.01
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
- risk 0.42cvss 6.5epss 0.01
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
- risk 0.41cvss 6.3epss 0.00
Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.
- risk 0.40cvss 6.1epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.
- risk 0.35cvss 5.3epss 0.01
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
- risk 0.35cvss 5.3epss 0.01
Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.
- risk 0.35cvss 5.3epss 0.01
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
- risk 0.35cvss 5.3epss 0.01
Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.
- risk 0.28cvss 4.3epss 0.01
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.